CookieMiner is malware that steals a user's sensitive data, opens a backdoor on infected machines, and downloads and executes a cryptominer. Once installed, it is able to do the following:

  • Steal cookies from the Chrome and Safari browsers
  • Steal usernames and passwords stored in Chrome
  • Steal credit card details stored in Chrome (Visa, Mastercard and others)
  • Steal iPhone SMS messages if they were backed up to iTunes
  • Download and install additional files to keep a backdoor on the infected machine
  • Download and execute the cryptominer program

Source: PaloAlto

Below we can see a piece of the malware code that extracts the saved usernames and passwords from Chrome:

Source: PaloAlto

For remote control, CookieMiner will download EmPyre, an open-source post-exploitation control tool (

Source: CheckPoint